Quick rundown of this month’s biggest vulnerabilities and signs of exploit to keep an eye on as you patch.

CVE-2025-59489 

Arbitrary code execution in Unity runtime

Impacts Unity 2017.1+ across Windows, macOS, and Android. Attackers can execute arbitrary code before app defenses load — this includes apps built on Unity like kiosks, training tools, or VR software.
Signs of exploit:

• Unity-based apps crashing or failing to launch unexpectedly
• Unknown .dll or .so files appearing in Unity directories
• Logs showing suspicious launch arguments (e.g., -xrsdk-pre-init-library)

CVE-2024-53139 

Windows Hello security feature bypass vulnerability

An attacker with local admin privileges can tamper with stored biometric data and impersonate another user if Enhanced Sign-in Security isn’t turned on.
Signs of exploit:

• New or altered biometric enrollments with no authorized change
• Unexpected biometric sign-ins in authentication logs
• Systems using Windows Hello without Enhanced Sign-in Security enabled

CVE-2024-53139 

Microsoft Exchange Server elevation of privilege vulnerability

Weak authentication handling in Exchange lets an authenticated attacker operate as the server account allowing for full mailbox access, data theft, or lateral movement.
Signs of exploit:

• Unusual mailbox activity or sudden forwarding rule creation
• Suspicious PowerShell or IIS activity tied to Exchange service accounts
• Spikes in privileged or failed authentication attempts from external IPs

Catch the Automox Patch Tuesday analysis in podcast or blog form.